Configuring an integration node vault

You can configure an integration node vault to store credentials, which can then be used by the integration node and its managed integration servers to access secured resources.

Before you begin

Read Configuring an IBM App Connect Enterprise vault.

About this task

An integration node vault is an App Connect Enterprise vault that can be used by an integration node and the integration servers that it manages. Each integration node has its own vault, with its own vault key, which is shared by all the integration servers that it manages. The vault is created when the integration node is configured, and the integration servers that are managed by the integration node have access to the vault.

Procedure

You can configure an integration node vault by using one of the following methods:

  • Using the mqsivault command

    You can use the mqsivault command to create or destroy a vault, to change or verify a vault key, or to retrieve credentials from a vault. The vault stores the records in encrypted form. Credentials that are stored in an integration node vault can be accessed by the integration node and all the integration servers that it manages.

    You can copy the contents of a vault into another vault by using the import and export options of the mqsivault command. You can use the --export parameter to copy the contents of a vault into a temporary archive (.zip file) and then use the --import parameter to import the contents of the archive file into the target vault. The vault entries are stored in the archive using an archive key to symmetrically encrypt and decrypt the values.

    For more information about using the mqsivault command to configure a vault, see mqsivault command and Configuring encrypted security credentials.

    For information about creating, updating, retrieving, or deleting the security credentials, see mqsicredentials command.

  • Using the mqsicreatebroker command

    If you create an integration node by running the mqsicreatebroker command, you can create a vault for that integration node by specifying either the --vault-key or --vaultrc-location parameter on the command. For more information about how to use the command, see mqsicreatebroker command.